Cloud Data Loss Prevention API

Automatically discover and redact sensitive data everywhere

Classify and Redact Sensitive Data

The DLP API helps you better understand and manage sensitive data.
It provides fast, scalable classification and redaction for sensitive data
elements like credit card numbers, names, social security numbers, US and
selected international identifier numbers, phone numbers and GCP credentials.
The API classifies this data using more than 90 predefined detectors to
identify patterns, formats, and checksums, and even understands contextual clues.
You can optionally redact data as well using techniques like masking, secure hashing,
bucketing, and format-preserving encryption. Try the DLP API in this
demo application.

Be Smart with your Data

The DLP API allows you to minimize what you collect, store, expose, or copy. Classify
or automatically redact sensitive data from text streams before you write to disk,
generate logs or perform analysis. Alert users before they save sensitive data
in your applications. Automatically choose the most suitable storage system and
the right set of access controls based on the presence of sensitive content.

Safely Unlock more of the Cloud

Today your data is your most critical asset. DLP API provides tools to classify,
mask, tokenize, and transform sensitive elements in real-time to help you better
manage the data that you collect, store, or use for business or analytics.
For example, features like format-preserving encryption allow you to preserve utility
of your data for joining or analytics while obfuscating the raw sensitive identifiers.

Efficiently Manage your Sensitive Data

One of the first steps to properly managing your sensitive data is knowing where
it exists. The DLP API gives you the power to scan, discover, and report on data
from virtually anywhere. Using this service, you can scan or redact streaming
text and image content from data workloads in Google Cloud Platform, within
other clouds, or from your on-premise environment.

The DLP API has built in support for scanning and classifying sensitive data
in Cloud Storage, BigQuery, and Cloud Datastore, with no need for your data to
egress out of GCP and no hard limits on object, table, or bucket size. The scan
findings can then inform the configuration, management, and access policy of your
sensitive data.

Built to Easily Fit into your Workloads

The DLP API architecture includes several features to make it easy to use in small
or large operations. Templates for inspection and de-identification allow you
to define configurations once and use them across API calls. DLP job triggers
and actions allow you to kick off inspection jobs periodically and generate Cloud
Pub/Sub notifications when jobs are complete. See this
tutorial on using DLP with Cloud Functions to automatically classify
data in Cloud Storage.

Enhance your Understanding of Data Privacy Risk

Quasi-identifiers are partially identifying or elements or combinations of data
that may link to a single person or a very small group. The DLP API allows you to
measure statistical properties such as k-anonymity and l-diversity, expanding your
ability to understand and protect data privacy.

Cloud Data Loss Prevention API FEATURES

Automatically discover and redact sensitive data everywhere

Flexible Classification

90+ pre-defined detectors with a focus on quality, speed, scale. Detectors
are improving and expanding all the time. A full list of detectors is available in the
documentation.

Secure Data Handling

The DLP API handles your data securely and undergoes several independent third party
audits to test for data safety, privacy, and security. Read more on our
compliance page.

Custom Detectors

Extend the power of DLP API with custom defined detection including custom
dictionaries, pattern recognition, and context rules.